Generate bind pool and bind configuration using deployment info
The bind pool information is now automatically generated and the variables and sample config files are no longer needed. Matching bind9 and rndc key configuration is also generated. Note: this patch also removes the use of puppet-dns which is problematic when bind and the worker aren't on the same host and is awkward to use with respect to rndc keys. It also modifies yaml-validate.py to correct a rule changed with respect to rndc_allowed_addresses. Depends-On: Ib121888061b8bfcc4155528a8a209c7e274fafcb Depends-On: I3383c19f80e70553ae71e644a01dda0f250d19da Depends-On: I1b6674acbd6f999474cd66cb44357cf6b756a7d0 Change-Id: Ib89bcafe9f65431aee5756a32b2a82adc3d384dc
parent
690c7eda33
commit
7de18e52cd
|
@ -31,50 +31,6 @@ parameter_defaults:
|
|||
NeutronPluginExtensions: qos,port_security,dns
|
||||
RpcPort: 31459
|
||||
NotifyPort: 5672
|
||||
DesignatePools: |
|
||||
- name: default
|
||||
# The name is immutable. There will be no option to change the name after
|
||||
# creation and the only way will to change it will be to delete it
|
||||
# (and all zones associated with it) and recreate it.
|
||||
description: Default Pool
|
||||
|
||||
attributes: {}
|
||||
|
||||
# List out the NS records for zones hosted within this pool
|
||||
# This should be a record that is created outside of designate, that
|
||||
# points to the public IP of the controller node.
|
||||
ns_records:
|
||||
- hostname: ns1-1.example.org.
|
||||
priority: 1
|
||||
|
||||
# List out the nameservers for this pool. These are the actual BIND servers.
|
||||
# We use these to verify changes have propagated to all nameservers.
|
||||
nameservers:
|
||||
- host: 192.168.24.251
|
||||
port: 53
|
||||
|
||||
# List out the targets for this pool. For BIND there will be one
|
||||
# entry for each BIND server, as we have to run rndc command on each server
|
||||
targets:
|
||||
- type: bind9
|
||||
description: BIND9 Server 1
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 127.0.0.1
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 192.168.24.251
|
||||
port: 53
|
||||
rndc_host: 192.168.24.251
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
ContainerCli: podman
|
||||
ExtraFirewallRules:
|
||||
'301 allow arbitrary tcp rule':
|
||||
|
|
|
@ -25,9 +25,6 @@ parameters:
|
|||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
|
@ -79,56 +76,12 @@ outputs:
|
|||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [DesignateBase, role_data, config_settings]
|
||||
- designate_rndc_key: {get_param: DesignateRndcKey}
|
||||
dns::vardir: /var/named-persistent
|
||||
dns::recursion: 'no'
|
||||
# Because we generate the key locally and don't want the puppet
|
||||
# module to do it, we set its path to /dev/null. This means we need
|
||||
# to explicitly include /etc/rndc.key though since the default config
|
||||
# will just include /dev/null.
|
||||
dns::rndckeypath: /dev/null
|
||||
dns::additional_directives:
|
||||
- include "/etc/rndc.key";
|
||||
dns::additional_options:
|
||||
listen-on:
|
||||
str_replace:
|
||||
template:
|
||||
"{ %{hiera('$NETWORK')}; }"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, BINDNetwork]}
|
||||
tripleo::profile::base::designate::rndc_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
tripleo::profile::base::designate::rndc_allowed_addresses:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
designate::backend::bind9::rndc_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
# TODO(beagles): puppet-desginate is doing some configuration in
|
||||
# dns::options_path so it seems like we need to run this puppet here for
|
||||
# the time being at least. I don't think there is a path from heat
|
||||
# var->hiera->puppet->named configuration at the moment though.
|
||||
- designate::backend::bind9::configure_bind: false
|
||||
puppet_config:
|
||||
config_volume: designate
|
||||
puppet_tags: designate_config,dns_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [DesignateBase, role_data, step_config]}
|
||||
- include ::designate::backend::bind9
|
||||
puppet_tags: designate_config
|
||||
step_config: {get_attr: [DesignateBase, role_data, step_config]}
|
||||
config_image: {get_param: ContainerDesignateConfigImage}
|
||||
volumes:
|
||||
- /var/named-persistent:/var/named-persistent:z
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/designate_backend_bind9.json:
|
||||
command: /usr/sbin/named -u named -c /etc/named.conf -f -g
|
||||
|
@ -151,6 +104,24 @@ outputs:
|
|||
- path: /etc/rndc.key
|
||||
owner: root:named
|
||||
perm: '0640'
|
||||
deploy_steps_tasks:
|
||||
- name: generate rndc key configuration files
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_rndc_config
|
||||
vars:
|
||||
designate_rndc_key: {get_param: DesignateRndcKey}
|
||||
designate_rndc_key_file_path: /var/lib/config-data/ansible-generated/designate/etc/
|
||||
- name: generate bind configuration
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_bind_config
|
||||
vars:
|
||||
rndc_allowed_addresses:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
docker_config:
|
||||
step_4:
|
||||
designate_backend_bind9:
|
||||
|
@ -164,7 +135,7 @@ outputs:
|
|||
-
|
||||
- /run:/run
|
||||
- /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/designate:/var/lib/kolla/config_files/src:ro
|
||||
- /var/lib/config-data/ansible-generated/designate:/var/lib/kolla/config_files/src:ro
|
||||
- /var/log/containers/designate:/var/log/designate:z
|
||||
- /var/named-persistent:/var/named-persistent:z
|
||||
environment:
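Review bot: The `generate rndc key configuration files` task hands the `DesignateRndcKey` secret to the `designate_rndc_config` role as a plain var, and nothing visible here keeps it out of Ansible task output; consider `no_log: true` on the task unless the role already sets it (the worker template's task of the same name passes the key the same way). The key is written under `/var/lib/config-data/ansible-generated/designate/etc/` on the host, while the `owner: root:named` / `perm: '0640'` shown for `/etc/rndc.key` belongs to the kolla permissions applied for the container, so the host-side file mode depends on the role, which is not visible on this page and is worth confirming. Separately, `rndc_allowed_addresses` is still the whole `DesignateApiNetwork` CIDR from `net_cidr_map`, so every host on that network can reach the rndc control channel and the key is the only gate; a one-line comment on the var saying so would make that trade-off explicit.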
|
||||
|
|
|
@ -55,9 +55,6 @@ parameters:
|
|||
description: The password for the Designate's database account.
|
||||
type: string
|
||||
hidden: true
|
||||
DesignatePools:
|
||||
description: The content for Designate's pools.yaml
|
||||
type: string
|
||||
|
||||
conditions:
|
||||
designate_workers_zero: {equals : [{get_param: DesignateWorkers}, 0]}
|
||||
|
@ -89,8 +86,7 @@ outputs:
|
|||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [DesignateBase, role_data, config_settings]
|
||||
- tripleo::profile::base::designate::central::pools_file_content: {get_param: DesignatePools}
|
||||
designate::db::database_connection:
|
||||
- designate::db::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
username: designate
|
||||
|
@ -147,6 +143,11 @@ outputs:
|
|||
- path: /var/log/designate
|
||||
owner: designate:designate
|
||||
recurse: true
|
||||
deploy_steps_tasks:
|
||||
- name: generate designate pool
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_bind_pool
|
||||
docker_config:
|
||||
# db sync runs before permissions set by kolla_config
|
||||
step_2:
|
||||
|
@ -204,7 +205,7 @@ outputs:
|
|||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/config-data/designate/etc/designate/:/etc/designate/:ro
|
||||
- /var/lib/config-data/puppet-generated/designate/etc/designate/:/etc/designate/:ro
|
||||
- /var/log/containers/designate:/var/log/designate:z
|
||||
command: "/usr/bin/bootstrap_host_exec designate_central su designate -s /bin/bash -c '/bin/designate-manage pool update'"
|
||||
host_prep_tasks:
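Review bot: The `generate designate pool` task imports `designate_bind_pool` with no `vars`, so where the generated pool file lands is decided entirely by role defaults that are not visible on this page. The container running `designate-manage pool update` reads `/etc/designate/` from a read-only mount of a `config-data` directory, and neither mount source shown in this section is under `ansible-generated`; if the role writes there, as the rndc role is told to in the BIND template, the update would not pick up the new pool. Passing the output path explicitly, or adding a comment such as `# writes pools.yaml to <directory mounted at /etc/designate>`, would make the dependency checkable from the template.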
|
||||
|
|
|
@ -87,24 +87,6 @@ outputs:
|
|||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [DesignateBase, role_data, config_settings]
|
||||
- designate_rndc_key: {get_param: DesignateRndcKey}
|
||||
tripleo::profile::base::designate::rndc_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
tripleo::profile::base::designate::rndc_allowed_addresses:
|
||||
get_param:
|
||||
- ServiceData
|
||||
- net_cidr_map
|
||||
- {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
designate::backend::bind9::rndc_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, DesignateApiNetwork]}
|
||||
-
|
||||
if:
|
||||
- designate_workers_zero
|
||||
|
@ -117,12 +99,13 @@ outputs:
|
|||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: designate
|
||||
puppet_tags: designate_config,dns_config
|
||||
puppet_tags: designate_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [DesignateBase, role_data, step_config]}
|
||||
- "include tripleo::profile::base::designate::worker"
|
||||
- "include tripleo::profile::base::designate::backend"
|
||||
config_image: {get_param: ContainerDesignateConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/designate_worker.json:
|
||||
|
@ -136,6 +119,13 @@ outputs:
|
|||
- path: /var/log/designate
|
||||
owner: designate:designate
|
||||
recurse: true
|
||||
deploy_steps_tasks:
|
||||
- name: generate rndc key configuration files
|
||||
when: step|int == 4
|
||||
import_role:
|
||||
name: designate_rndc_config
|
||||
vars:
|
||||
designate_rndc_key: {get_param: DesignateRndcKey}
|
||||
docker_config:
|
||||
step_4:
|
||||
designate_worker:
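Review bot: The worker's `generate rndc key configuration files` task passes only `designate_rndc_key`, whereas the task of the same name in the BIND template also sets `designate_rndc_key_file_path`; the worker therefore relies on the role's default output path, which is not visible on this page. Because the worker can only use the key if the file ends up somewhere the `designate_worker` container mounts, it would be safer to set the path explicitly here as well, or to add a comment stating the default and how it reaches the container. The enclosing `outputs` block continues outside these hunks.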
|
||||
|
|
|
@ -1,127 +0,0 @@
|
|||
# *******************************************************************
|
||||
# This file was created automatically by the sample environment
|
||||
# generator. Developers should use `tox -e genconfig` to update it.
|
||||
# Users are recommended to make changes to a copy of the file instead
|
||||
# of the original, if any customizations are needed.
|
||||
# *******************************************************************
|
||||
# title: Configure Designate Parameters for HA
|
||||
# description: |
|
||||
# Sample configuration parameters for Designate that are appropriate
|
||||
# for an HA deployment. Requires the enable-designate environment.
|
||||
parameter_defaults:
|
||||
# The content for Designate's pools.yaml
|
||||
# Mandatory. This parameter must be set by the user.
|
||||
# Type: string
|
||||
DesignatePools: |
|
||||
- name: default
|
||||
# The name is immutable. There will be no option to change the name after
|
||||
# creation and the only way will to change it will be to delete it
|
||||
# (and all zones associated with it) and recreate it.
|
||||
description: Default Pool
|
||||
|
||||
attributes: {}
|
||||
|
||||
# List out the NS records for zones hosted within this pool
|
||||
# This should be a record that is created outside of designate, that
|
||||
# points to the public IP of the controller node.
|
||||
ns_records:
|
||||
- hostname: ns1-1.example.org.
|
||||
priority: 1
|
||||
- hostname: ns1-2.example.org.
|
||||
priority: 2
|
||||
- hostname: ns1-3.example.org.
|
||||
priority: 3
|
||||
|
||||
# List out the nameservers for this pool. These are the actual BIND servers.
|
||||
# We use these to verify changes have propagated to all nameservers.
|
||||
nameservers:
|
||||
- host: 10.0.0.51
|
||||
port: 53
|
||||
- host: 10.0.0.52
|
||||
port: 53
|
||||
- host: 10.0.0.53
|
||||
port: 53
|
||||
|
||||
# List out the targets for this pool. For BIND there will be one
|
||||
# entry for each BIND server, as we have to run rndc command on each server
|
||||
targets:
|
||||
- type: bind9
|
||||
description: BIND9 Server 1
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
- host: 10.0.0.52
|
||||
port: 5354
|
||||
- host: 10.0.0.53
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.51
|
||||
port: 53
|
||||
rndc_host: 172.17.0.251
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
- type: bind9
|
||||
description: BIND9 Server 2
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
- host: 10.0.0.52
|
||||
port: 5354
|
||||
- host: 10.0.0.53
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.52
|
||||
port: 53
|
||||
rndc_host: 172.17.0.252
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
- type: bind9
|
||||
description: BIND9 Server 3
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
- host: 10.0.0.52
|
||||
port: 5354
|
||||
- host: 10.0.0.53
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.53
|
||||
port: 53
|
||||
rndc_host: 172.17.0.253
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
|
||||
# If True, enable the internal Neutron DNS server that provides name
|
||||
# resolution between VMs. This parameter has no effect if
|
||||
# NeutronDhcpAgentDnsmasqDnsServers is set.
|
||||
# Type: boolean
|
||||
NeutronEnableInternalDNS: True
|
||||
|
||||
# Comma-separated list of extensions enabled for the Neutron plugin.
|
||||
# Type: comma_delimited_list
|
||||
NeutronPluginExtensions: qos,port_security,dns
|
||||
|
|
@ -1,69 +0,0 @@
|
|||
# *******************************************************************
|
||||
# This file was created automatically by the sample environment
|
||||
# generator. Developers should use `tox -e genconfig` to update it.
|
||||
# Users are recommended to make changes to a copy of the file instead
|
||||
# of the original, if any customizations are needed.
|
||||
# *******************************************************************
|
||||
# title: Configure Designate Parameters
|
||||
# description: |
|
||||
# Sample configuration parameters for Designate. Requires the
|
||||
# enable-designate environment.
|
||||
parameter_defaults:
|
||||
# The content for Designate's pools.yaml
|
||||
# Mandatory. This parameter must be set by the user.
|
||||
# Type: string
|
||||
DesignatePools: |
|
||||
- name: default
|
||||
# The name is immutable. There will be no option to change the name after
|
||||
# creation and the only way will to change it will be to delete it
|
||||
# (and all zones associated with it) and recreate it.
|
||||
description: Default Pool
|
||||
|
||||
attributes: {}
|
||||
|
||||
# List out the NS records for zones hosted within this pool
|
||||
# This should be a record that is created outside of designate, that
|
||||
# points to the public IP of the controller node.
|
||||
ns_records:
|
||||
- hostname: ns1-1.example.org.
|
||||
priority: 1
|
||||
|
||||
# List out the nameservers for this pool. These are the actual BIND servers.
|
||||
# We use these to verify changes have propagated to all nameservers.
|
||||
nameservers:
|
||||
- host: 10.0.0.51
|
||||
port: 53
|
||||
|
||||
# List out the targets for this pool. For BIND there will be one
|
||||
# entry for each BIND server, as we have to run rndc command on each server
|
||||
targets:
|
||||
- type: bind9
|
||||
description: BIND9 Server 1
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.51
|
||||
port: 53
|
||||
rndc_host: 172.17.0.251
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
|
||||
# If True, enable the internal Neutron DNS server that provides name
|
||||
# resolution between VMs. This parameter has no effect if
|
||||
# NeutronDhcpAgentDnsmasqDnsServers is set.
|
||||
# Type: boolean
|
||||
NeutronEnableInternalDNS: True
|
||||
|
||||
# Comma-separated list of extensions enabled for the Neutron plugin.
|
||||
# Type: comma_delimited_list
|
||||
NeutronPluginExtensions: qos,port_security,dns
|
||||
|
|
@ -20,3 +20,15 @@ resource_registry:
|
|||
OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
|
||||
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
|
||||
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
|
||||
|
||||
parameter_defaults:
|
||||
# If True, enable the internal Neutron DNS server that provides name
|
||||
# resolution between VMs. This parameter has no effect if
|
||||
# NeutronDhcpAgentDnsmasqDnsServers is set.
|
||||
# Type: boolean
|
||||
NeutronEnableInternalDNS: True
|
||||
|
||||
# Comma-separated list of extensions enabled for the Neutron plugin.
|
||||
# Type: comma_delimited_list
|
||||
NeutronPluginExtensions: qos,port_security,dns
|
||||
|
||||
|
|
|
@ -8,23 +8,15 @@ environments:
|
|||
|
||||
This environment enables the Designate services. One of the
|
||||
designate-config* environment files must also be included.
|
||||
# FIXME(bnemec): files should not be a required key.
|
||||
files: {}
|
||||
resource_registry:
|
||||
OS::TripleO::Services::DesignateApi: ../deployment/experimental/designate/designate-api-container-puppet.yaml
|
||||
OS::TripleO::Services::DesignateCentral: ../deployment/experimental/designate/designate-central-container-puppet.yaml
|
||||
OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
|
||||
OS::TripleO::Services::DesignateProducer: ../deployment/experimental/designate/designate-producer-container-puppet.yaml
|
||||
OS::TripleO::Services::DesignateWorker: ../deployment/experimental/designate/designate-worker-container-puppet.yaml
|
||||
OS::TripleO::Services::DesignateMDNS: ../deployment/experimental/designate/designate-mdns-container-puppet.yaml
|
||||
OS::TripleO::Services::DesignateBind: ../deployment/experimental/designate/designate-bind-container.yaml
|
||||
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
|
||||
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
|
||||
-
|
||||
name: designate-config
|
||||
title: Configure Designate Parameters
|
||||
description: |
|
||||
Sample configuration parameters for Designate. Requires the
|
||||
enable-designate environment.
|
||||
files:
|
||||
deployment/neutron/neutron-plugin-ml2.yaml:
|
||||
parameters:
|
||||
|
@ -32,167 +24,6 @@ environments:
|
|||
deployment/neutron/neutron-dhcp-container-puppet.yaml:
|
||||
parameters:
|
||||
- NeutronEnableInternalDNS
|
||||
deployment/experimental/designate/designate-central-container-puppet.yaml:
|
||||
parameters:
|
||||
- DesignatePools
|
||||
sample_values:
|
||||
NeutronPluginExtensions: qos,port_security,dns
|
||||
NeutronEnableInternalDNS: True
|
||||
DesignatePools: |-
|
||||
|
|
||||
- name: default
|
||||
# The name is immutable. There will be no option to change the name after
|
||||
# creation and the only way will to change it will be to delete it
|
||||
# (and all zones associated with it) and recreate it.
|
||||
description: Default Pool
|
||||
|
||||
attributes: {}
|
||||
|
||||
# List out the NS records for zones hosted within this pool
|
||||
# This should be a record that is created outside of designate, that
|
||||
# points to the public IP of the controller node.
|
||||
ns_records:
|
||||
- hostname: ns1-1.example.org.
|
||||
priority: 1
|
||||
|
||||
# List out the nameservers for this pool. These are the actual BIND servers.
|
||||
# We use these to verify changes have propagated to all nameservers.
|
||||
nameservers:
|
||||
- host: 10.0.0.51
|
||||
port: 53
|
||||
|
||||
# List out the targets for this pool. For BIND there will be one
|
||||
# entry for each BIND server, as we have to run rndc command on each server
|
||||
targets:
|
||||
- type: bind9
|
||||
description: BIND9 Server 1
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.51
|
||||
port: 53
|
||||
rndc_host: 172.17.0.251
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
children:
|
||||
-
|
||||
name: designate-config-ha
|
||||
title: Configure Designate Parameters for HA
|
||||
description: |
|
||||
Sample configuration parameters for Designate that are appropriate
|
||||
for an HA deployment. Requires the enable-designate environment.
|
||||
sample_values:
|
||||
NeutronPluginExtensions: qos,port_security,dns
|
||||
NeutronEnableInternalDNS: True
|
||||
DesignatePools: |-
|
||||
|
|
||||
- name: default
|
||||
# The name is immutable. There will be no option to change the name after
|
||||
# creation and the only way will to change it will be to delete it
|
||||
# (and all zones associated with it) and recreate it.
|
||||
description: Default Pool
|
||||
|
||||
attributes: {}
|
||||
|
||||
# List out the NS records for zones hosted within this pool
|
||||
# This should be a record that is created outside of designate, that
|
||||
# points to the public IP of the controller node.
|
||||
ns_records:
|
||||
- hostname: ns1-1.example.org.
|
||||
priority: 1
|
||||
- hostname: ns1-2.example.org.
|
||||
priority: 2
|
||||
- hostname: ns1-3.example.org.
|
||||
priority: 3
|
||||
|
||||
# List out the nameservers for this pool. These are the actual BIND servers.
|
||||
# We use these to verify changes have propagated to all nameservers.
|
||||
nameservers:
|
||||
- host: 10.0.0.51
|
||||
port: 53
|
||||
- host: 10.0.0.52
|
||||
port: 53
|
||||
- host: 10.0.0.53
|
||||
port: 53
|
||||
|
||||
# List out the targets for this pool. For BIND there will be one
|
||||
# entry for each BIND server, as we have to run rndc command on each server
|
||||
targets:
|
||||
- type: bind9
|
||||
description: BIND9 Server 1
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
- host: 10.0.0.52
|
||||
port: 5354
|
||||
- host: 10.0.0.53
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.51
|
||||
port: 53
|
||||
rndc_host: 172.17.0.251
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
- type: bind9
|
||||
description: BIND9 Server 2
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
- host: 10.0.0.52
|
||||
port: 5354
|
||||
- host: 10.0.0.53
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.52
|
||||
port: 53
|
||||
rndc_host: 172.17.0.252
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
- type: bind9
|
||||
description: BIND9 Server 3
|
||||
|
||||
# List out the designate-mdns servers from which BIND servers should
|
||||
# request zone transfers (AXFRs) from.
|
||||
# This should be the IP of the controller node.
|
||||
# If you have multiple controllers you can add multiple masters
|
||||
# by running designate-mdns on them, and adding them here.
|
||||
masters:
|
||||
- host: 10.0.0.51
|
||||
port: 5354
|
||||
- host: 10.0.0.52
|
||||
port: 5354
|
||||
- host: 10.0.0.53
|
||||
port: 5354
|
||||
|
||||
# BIND Configuration options
|
||||
options:
|
||||
host: 10.0.0.53
|
||||
port: 53
|
||||
rndc_host: 172.17.0.253
|
||||
rndc_port: 953
|
||||
rndc_key_file: /etc/rndc.key
|
||||
|
|
|
@ -1015,8 +1015,7 @@ def validate_service_hiera_interpol(f, tpl):
|
|||
if 'apache::mod::remoteip::proxy_ips' in path:
|
||||
continue
|
||||
# Omit Designate rndc_allowed_addressses
|
||||
if ('tripleo::profile::base::designate::rndc_allowed_addresses' in
|
||||
path):
|
||||
if ('rndc_allowed_addresses' in path):
|
||||
continue
|
||||
# Omit Neutron ml2 overlay_ip_version
|
||||
if 'neutron::plugins::ml2::overlay_ip_version' in path:
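Review bot: The exemption on the `if ('rndc_allowed_addresses' in path):` line is now keyed on the unqualified name, so it skips the hiera-interpolation check for any template entry called `rndc_allowed_addresses` (or, if `path` is a string rather than a list, for any path merely containing that text), not only Designate's. Since the templates on this page now pass the value as an Ansible role var fed from `net_cidr_map` rather than as a hiera key, a comment stating that would explain why the rule exists, e.g. `# Omit Designate rndc_allowed_addresses: Ansible var holding a CIDR, not a hiera lookup`. The parentheses are redundant now that the condition fits on one line, and the context comment above it spells the name `addressses`. `validate_service_hiera_interpol` starts and ends outside this hunk.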
|
||||
|
|